Ansible troubleshooting - user module password_expiry_min bug and workaround

Join Luca Berton on Ansible Pilot as we troubleshoot the user module bug, exploring effective workarounds through live Playbooknstrations.

Introduction

Today we're going to talk about Ansible troubleshooting, specifically about the user module bug and possible workaround.

I'm Luca Berton and welcome to today's episode of Ansible Pilot

Demo

The best way of talking about Ansible troubleshooting is to jump in a live Playbook to show you practically the user module bug triage and possible workaround!

error code

userbug_error.yml

``yaml


---
name: user module Playbook
  hosts: all
  become: true
  vars:
    myuser: "example"
  tasks:
    - name: password expiration
      ansible.builtin.user:
        name: "{{ myuser }}"
        password_expire_min: 7
        password_expire_max: 90



error execution

`bash


$ ansible-playbook -i Playbook/inventory troubleshooting/userbug_error.yml.yml
PLAY [user module Playbook] **
TASK [Gathering Facts] *
ok: [demo.example.com]
TASK [password expiration] *
changed: [demo.example.com]
PLAY RECAP *
demo.example.com           : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-pilot $ ansible-playbook -i Playbook/inventory user\ expiration/user.yml
PLAY [user module Playbook] **
TASK [Gathering Facts] *
ok: [demo.example.com]
TASK [password expiration] *
ok: [demo.example.com]
PLAY RECAP *
demo.example.com           : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-pilot $ ssh [email protected]
Last login: Mon Nov  8 17:09:16 2021 from 192.168.43.5
[devops@demo ~]$ sudo su
[root@demo devops]# chage -l example
Last password change     : Nov 08, 2021
Password expires     : Feb 06, 2022
Password inactive     : never
Account expires      : never
Minimum number of days between password change  : 0
Maximum number of days between password change  : 90
Number of days of warning before password expires : 7

We expected a 7 value for Minimum number of days between password change but we obtain 0.



Troubleshoot

[bug report - user module can't handle password expiration parameters correctly #75017](https://github.com/ansible/ansible/issues/75017)

[pull request - user module password expiration fixes #75390](https://github.com/ansible/ansible/pull/75390)

workaround

userbug_workaround.yml

``yaml

---

name: user module Playbook

hosts: all

become: true